public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/firejail: use local runCommand 

Also:

- use `runtimeShell`; and
- remove unused `makeWrapper` input; and
- `exec()` to shed wrapping shell
This commit is contained in:
Joachim Fasting 2019-10-05 18:32:22 +02:00 committed by Alyssa Ross
parent 991bbef683
commit 1b575dbd79
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/programs/firejail.nix
View File

@ -5,20 +5,20 @@ with lib;
let let
cfg = config.programs.firejail; cfg = config.programs.firejail;
wrappedBins = pkgs.stdenv.mkDerivation { wrappedBins = pkgs.runCommand "firejail-wrapped-binaries"
name = "firejail-wrapped-binaries"; { preferLocalBuild = true;
nativeBuildInputs = with pkgs; [ makeWrapper ]; allowSubstitutes = false;
buildCommand = '' }
''
mkdir -p $out/bin mkdir -p $out/bin
${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: '' ${lib.concatStringsSep "\n" (lib.mapAttrsToList (command: binary: ''
cat <<_EOF >$out/bin/${command} cat <<_EOF >$out/bin/${command}
#!${pkgs.stdenv.shell} -e #! ${pkgs.runtimeShell} -e
/run/wrappers/bin/firejail ${binary} "\$@" exec /run/wrappers/bin/firejail ${binary} "\$@"
_EOF _EOF
chmod 0755 $out/bin/${command} chmod 0755 $out/bin/${command}
'') cfg.wrappedBinaries)} '') cfg.wrappedBinaries)}
''; '';
};
in { in {
options.programs.firejail = { options.programs.firejail = {